CVE-2023-6880

CVE-2023-6880 affects the Visual Composer website plugins for WordPress (Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages). The vulnerability is stored XSS in plugin custom fields due to insufficient input sanitization and output escaping on user-s...

CVE-2025-46254

CVE-2025-46254 affects the Visual Composer Website Builder WordPress plugin (versions through 45.10.0). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Exploitation could occur via stored inputs that are rendere...

CVE-2022-2516

CVE-2022-2516 affects the Visual Composer Website Builder WordPress plugin (versions up to 45.0). The root cause is insufficient input sanitization and output escaping for the post/page Title, enabling authenticated editors to inject arbitrary scripts that execute when pages are viewed. Affected ...

CVE-2022-2430

CVE-2022-2430 refers to the WordPress Visual Composer Website Builder plugin (≤ 45.0). The vulnerability is a stored cross-site scripting (XSS) in the Text Block feature caused by insufficient input sanitization and output escaping, enabling authenticated users with editor access to inject script...

CVE-2024-35653

Technical details for CVE-2024-35653 are not publicly provided in the connected documents. No explicit affected product/version, root cause, impact, or fixes are described here. Monitor for updates.

CVE-2020-36722

The CVE-2020-36722 entry concerns the WordPress Visual Composer plugin. Affected: Visual Composer Website Builder for WordPress, versions up to and including 26.0. Root cause: insufficient input sanitization and output escaping. Impact: Cross-Site Scripting allowing arbitrary scripts to run in a ...